macs-on-active-directory.md

Binding and Unbinding to Active Directory from Mac OS via Command Line

• Open the Terminal Application
• Type in sudo -i and type in your Mac Administrator account password. sudo gives you root level or administrator level privileges.

To View current Active Directory Settings

dsconfigad -show

To Unbind a Computer from an Active Directory Domain

dsconfigad -f -r -u

Note: <username> needs to be replaced with domain administrator who has binding/unbinding rights.

---

To Bind a Mac Laptop Computer to an Active Directory Domain

<computer-name> --> replace this with the computer name you want to bind to Active Directory
<username> --> needs to be replaced with domain administrator who has binding/unbinding rights.
<domain> --> replace with domain you want to join.

dsconfigad -a <computer-name> -u <username> -ou "CN=Computers,DC=network,DC=pcpc,DC=org" -domain <domain> -mobile enable -mobileconfirm enable -localhome enable -useuncpath enable -groups "Domain Admins,Enterprise Admins" -alldomains enable

---

To Bind a Mac Desktop Computer to an Active Directory Domain

<computer-name> --> replace this with the computer name you want to bind to Active Directory
<username> --> needs to be replaced with domain administrator who has binding/unbinding rights.
<domain> --> replace with domain you want to join.

dsconfigad -a <computer-name> -u <username> -ou "CN=Computers,DC=network,DC=pcpc,DC=org" -domain <domain> -localhome enable -useuncpath enable -groups "Domain Admins,Enterprise Admins" -alldomains enable

Script to automate this process

#!/bin/bash
USERNAME='username'
DOMAIN='host.domain.tld'
COMPUTERSOU='OU=Computers,DC=host,DC=domain,DC=tld'
HOSTNAME=`hostname -s`
dsconfigad -a $HOSTNAME -u $USERNAME -ou "$COMPUTERSOU" -domain $DOMAIN -localhome enable -useuncpath enable -groups "Domain Admins" -alldomains enable